Since remote working, have you seen a rise in the amount of suspicious/spam emails? Perhaps some are stating “urgent request” or ‘document shared with you” Maybe a few have even broken through your filters into your inbox? This is only the tip of the iceberg of concerns for companies who are remote working. During COVID-19, threats to our cyber security systems have increased exponentially, so now is the time to really ask yourself, is my cyber security posture the most secure it can be, with all these extra risks and threats we are facing with remote working?
What do we mean by Cyber Security posture?
We all know about how to retain the correct posture at your desk through all the health and safety audits we have sat through (no pun intended) but what do we really mean by posture when it comes to cyber security systems?
Just like sitting the right way, and having your desk set up correctly can help prevent potential injury to your body, a good cyber security posture will help prevent serious injury to your systems especially, security breaches and cyber-attacks. Your posture in this manner of speaking is how secure you and your workers are from these potential threats.
From a recent survey Barracuda carried out, they found that almost half of all respondents from global businesses have encountered at least one cyber security scare since shifting to remote working, during this Covid-19 lockdown. This shows that now more than ever, it should be a priority to make sure your cyber security posture is secure and that you are confident in your systems, tools, as well as your employees.
Things to consider in order to be cyber secure
Equipment and VPNs
There are many different factors to consider, in order to ensure your cyber security systems are the most secure they can be with remote working. One of the most important things to start with is to make sure you have a secure VPN for all your employees to use. This is vital as home broadband does not have the same security protocols and will not be 100% secure and safe. You can read more about the importance of VPNs on one of our previous posts here.
You also need to make sure that all your employees are using authorised, protected work devices at all times. It is all too simple for an employee to decide it is easier to send and receive emails from their personal mobile. But, this should be stopped, to help prevent potential security breaches. You can do this through a simple fix which requires the employee to get admin permission to set up email accounts on different devices. This will also enable your IT team to monitor who tries to use non-authorised devices to access work servers.
When your employees are in the office, it is easier to pop over to their desks to remind them of upcoming IT updates that need to be completed. However, this is something that often falls by the wayside by both employers and employees when remote working. Make a point of sending out reminder emails when updates are due. Those updates are key to continuing to retain a strong cyber security posture, in order to help protect your company from threats.
On the topic of email reminders, when was the last time you emailed your employees reminding them to stay alert to phishing/scam emails? Phishing emails spiked by over 600% since the end of February reported in info security magazine. This is due to cyber criminals have begun to take advantage and capitalize on the fear and uncertainty generated by COVID-19 pandemic. This could cause serious problems for your company and it only takes a single employee to open one resulting in a security breach.
GDPR. The new set of guidelines brought in which changed the way we share and store data completely. With remote working, it is just as important if not more so to remember GDPR, and ensure all staff is remaining compliant. This includes ensuring any sensitive data being sent to a 3rd party is encrypted with the relevant security, and that files are shared in the correct manner, and not in a way that could be intercepted by hackers.
There is a multitude of file sharing sites out there which will enable your employers to share documents securely and help keep your cybersecurity posture strong. Make sure your employees are aware of the importance of encryption and sharing data responsibly and securely.
But, what happens if your staff suspects a potential breach to your cybersecurity systems? Do your employees know what to do, should they suspect this? If you can’t instantly and confidently say yes then make sure you remind all staff on the protocols so that if the worst does happen and a breach does occur, you can be alerted straight away and ensure minimal damage and disruption.
So, how do I know my cybersecurity posture is the most secure it can be?
You may be reading through this article saying to yourself “I already make cybersecurity one of my top priorities” but can you put your hand up and say with 100% confidence, that your cybersecurity posture, is as secure as it can be?
Don’t worry if you can’t, you are not alone. According to Barracuda’s survey, over 41% of respondents had doubts over how secure their web applications were, and who can blame them, with so many new cyber threats appearing each day?
There is a simple solution for this, which can help to put your mind at ease and provide a full security report within a matter of days. Security assessment tools such as our CTAP assessment are designed to help identify any areas for concern to help strengthen your cybersecurity posture. This will not only assess all your cybersecurity systems for potential weaknesses, but the analysis results can also lead to an improvement in productivity and utilisation. Assessment tools such as ours are key to ensure your cybersecurity posture is the strongest, and most secure it can be.
It’s clear to see that remote working has put a lot of extra pressure on companies worldwide. With no foreseeable end right now for remote working. Our priority is your security and peace of mind so that you can focus on your company, and not worry about cyber threats.
To find out more about what Nouveau can do for you or about our new CTAP tool call us on 01189 186822 or email us on firstname.lastname@example.org
The current coronavirus pandemic has led to organisations having to develop new strategies allowing their employees to continue working but now from home, and as effectively as possible. With the increase of remote workers, we are now starting to see an increase in online security threats as a result.
Remote access can be handled through protocols such as Windows remote desktop (also known as Windows RDP)– allowing users to access a remote desktop within the company’s internal network. The drawback of this platform is that it allows your employees to access your company’s network by opening your network to the entire internet. Thus increasing the risk of security breaches.
Thankfully there is a way to allow organisations to provide employees secure access to company network resources without leaving it vulnerable and open to security attacks. This is done through VPN technology (Virtual Private Networks).
More about VPN Systems
A VPN – short for Virtual private network provides a secure link between employees and businesses by encrypting and scanning data. Dependent on the method of termination used and in conjunction with a UTM device there are further security benefits to be made. For e.g. malicious software such as viruses can be detected and mitigated.
To avoid security risks companies should ensure they are set up to capture metrics about the performance and availability of their VPN services. Ask yourself “When was the last time you took the time to look at your VPN logs?” This process will allow you to detect any compromises of VPN connections and accounts. In principle, now is the time where it is easier to spot compromised accounts, with employees working from home you should be able to spot any irregular VPN usage pattern for each user working from home.
Here’s a deeper look at how a VPN (Virtual private network) works. A VPN uses encryption and other security mechanisms to scramble (otherwise known as encrypting) data when it is sent over a public network. The encryption process now makes the data unreadable. A strong VPN will ensure that only authorised users can access the network and that the data cannot be intercepted.
A VPN will stop cyber criminals seeing your company’s remote service on the internet, therefore reducing risk of interception of communications between your employees and your network.
Ensure you are protecting your devices whether it is your laptop, tablet or smart phone. Devices can be prime targets for cyber criminals as soon as you access the internet even more so when you are on a public network. A VPN will protect the data you send and receive on your device putting a stop to hackers watching your every move.
With many VPN solutions out there make sure you do your homework to choose the right one for your needs. Regardless of which provider you choose, a VPN, in conjunction with other technology will ensure that you comply with security standards. Contact Nouveau Solutions today where we can offer support for VPN enquiries and challenges.
Call us on 01189 186822 or contact us by email on email@example.com.
How to keep your company data secure with simple security practices.
Why Educating Staff on Data Security Is Critical
Failure to educate staff on some of the most basic principles of data security can cause big problems for businesses of all sizes.
It’s estimated that up to 92% of malware is delivered via email to users- and considering that the majority of businesses will use email to communicate both internally and externally, there’s no end to the list of people that could be affected by malware.
Luckily, the risk of malware and phishing attacks can be kept at a manageable level as long as everyone within a business takes responsibility for the business’s cyber security.
Given today’s rapidly growing technology industry, there’s always new threats that arise from the communication tools we use on a daily basis. However, by ensuring that staff are correctly educated on data security can mean that businesses are able to take control of their cyber security measures in a way that is manageable for everyone.
By educating staff on the ‘do’s’ and ‘don’ts’ of cyber security, you’ll be moving the responsibility of data security from not just one person or dedicated team but to everyone, making the company less susceptible to attacks whilst also reducing workplace staff for those in charge of IT security.
Best Data Security Practices
This list of best practices is a great stepping-stone for any business looking to take control of their IT and data security.
The strength of a password is a reflection of its length, complexity and unpredictability. All three of these factors together are responsible for how secure how a password is, however, these factors do not replace the need for other essential security controls to ensure that passwords are not breached.
To ensure that passwords are secure they should be sufficiently long in length, it’s worth aiming for between 12 and 14 characters with a mixture uppercase and lowercase characters too. Additionally, adding special characters to your password will help to strengthen passwords. You should also be mindful of where you are storing passwords, we do not recommend keeping a book of passwords in your desk drawers. There are a number of online password manager applications designed to keep your company’s password safe, secure but accessible for employees.
Most people are quick to disqualify the need for email security, up to 80% of successful cyber attacks involve phishing- a common form of fraud where individuals are asked to reveal personal information such as passwords, credit card information etc. whilst purporting to be from a reputable business.
Email security software can help to reduce the occurrence of these phishing scams from entering into staff mailboxes. However, it’s also important that the company has relevant policies in place that determines how staff can identify potentially fraudulent emails as well as what to do in when one is discovered.
Again, this method of protecting your business from IT threats means that every individual within a business is responsible for managing their IT security at work.
Having strict procedures in place were by staff understand what the safe working practices are surrounding opening and sharing attachments via email will help to reduce IT threats and malware.
In order to do this, it’s important to be aware of some of the techniques that are used by fraudulent attackers/ scammers. Often unsuspecting victims of opening dangerous attachments involve the use of social engineering tactics such as:
- Customised personal message text (such as “Dear John” or “please review the attached”)
- Forgery (Fraudulent emails sent by someone you appear to know)
- Threatening (Attackers may use messages like “your account will be closed unless you…”)
- Creating messages look as if they were sent from an official source (“firstname.lastname@example.org”)
- Making the attachment look harmless (“my_holiday_pictures”)
These are just a small number of ways that hackers could use in order to gain your trust and get you or a staff member from opening a hazardous attachment in an email or message.
Luckily, taking control of your businesses IT security doesn’t have to be complicated. Nouveau solutions can help to provide your staff with training, advice and solutions to combat IT security at work. Find out more about how you can train staff to take the steps necessary to protect themselves and your business from cyber threats. Get in touch with Nouveau Solutions today.
In an increasingly online world, the importance of IT cannot be understated for businesses.
Most companies (89%) expect their IT budgets to grow or stay steady in 2019, with the need to upgrade outdated IT infrastructure is the biggest driver of these budget increases (source).
However, balancing the upgrades and maintenance of your IT infrastructure, as well as the day-to-day IT needs of your employees and customers can become an overwhelming experience for your IT department.
Choosing a managed services provider can help to alleviate this problem – keeping your systems business as usual – allowing your IT department to focus on improving business efficiency and performance.
What is a Managed Service Provider?
A managed service provider (MSP) is an organisation that remotely manages a customer’s IT network and infrastructure, as well as their on premise or cloud applications.
Providing extra IT support when you need it most, managed service providers acts as an extension of your IT team – ensuring that your business’ IT systems remains secure, robust, and operational.
Typically, MSPs operate under a subscription model, creating a scalable IT solution that allows you to choose the coverage that’s the best value for your organisation.
How do Managed Services work?
When outsourcing your IT to a managed service provider, you will have an initial consultation to assess your current IT environment. The infrastructure you have invested in, the systems you use, and your end-to-end applications will be reviewed to ensure that you receive the most suitable managed services support for your business.
As a leading managed service provider, we proactively review your security, infrastructure and system performance and let you know if there are any areas of concern, or network improvements. We also monitor and detect threats to your system in real time, taking immediate action when required, while keeping you informed to protect your business.
What Services can an MSP Offer?
Typically the services that a managed service provider can offer your business is tailored to your IT needs. Typically services provided include:
- IT Support – keeping your infrastructure operational and secure.
- Endpoint Protection – monitoring your applications and network to ensure all suspicious activity is detected and re-mediated.
- Compliance – ensuring you are GDPR compliant.
- Firewall Management – managing your firewall, making sure it’s always optimised and up-to-date to guard against the most recent advances in security threats.
- Security Information and Event Management (SIEM) – constantly monitoring the integrity of your entire IT system, and creates an alert if any potential weaknesses are detected.
Why Choose a Managed Service Provider?
There are many benefits to working with a managed service provider. Here’s why your business should consider working with an MSP:
- Cost Effective – by only paying for the cover your business needs, you can rest assured that your infrastructure is secure without needing to break the bank.
- Flexible – if you only require office-hours support, there’s an option for you, or if you need round the clock, 7 days a week support, you can have the option that gives you the level of managed IT support your business needs.
- Peace of Mind – enables you to focus on your business without having to worry about your IT.
- Expertise – working with a managed service provider allows your business to access a wide pool of knowledge that may not be otherwise available within your in-house IT team.
- Secure – proactively monitoring your IT systems and infrastructure ensures that your business is protected from evolving security threats.
How much do Managed Services Cost?
The cost of working with a managed services provider varies depending on the support your business needs.
At Nouveau, our IT support services are flexible, so you can choose the Service Desk coverage that’s the best value for your organisation. So, whether you need 8-5 support, or 24-7 assistance, we have a range of managed service packages to help ensure your business continues to operate at maximum efficiency.To learn more about managed services, and how we can help keep your business’ IT secure and operational, speak to one of our expert consultants on 0118 918 6822.
Alternatively, you can get in touch via our contact form.